Certified in Risk and Information Systems Control (CRISC) — Question 644

After the implementation of Internet of Things (IoT) devices, new risk scenarios were identified. What is the PRIMARY reason to report this information to risk owners?

Answer options

• A. To reevaluate continued use of IoT devices.
• B. To recommend changes to the IoT policy.
• C. To confirm the impact to the risk profile.
• D. To add new controls to mitigate the risk.

Correct answer: C

Explanation

The correct answer is C because it is crucial to understand how the newly identified risks affect the overall risk profile. The other options, while important, focus on actions that may be taken after understanding the impact, rather than confirming the impact itself.